package com.gitee.qdbp.general.system.web.shiro.impl;

import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.subject.PrincipalCollection;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.gitee.qdbp.able.exception.ServiceException;
import com.gitee.qdbp.general.system.api.personnel.model.UserCoreBean;
import com.gitee.qdbp.general.system.web.shiro.simple.LoginUser;
import com.gitee.qdbp.general.system.web.shiro.simple.SimpleAccountLoginRealm;

/**
 * 用户登录/授权
 *
 * @author zhaohuihua
 * @version 180522
 */
public class UserServiceRealm extends SimpleAccountLoginRealm {

    private static final Logger log = LoggerFactory.getLogger(UserServiceRealm.class);

    public UserServiceRealm() {
        super();
        this.setClearAuthorizationInfo(false);
    }

    /** 获取授权信息 **/
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) throws AuthenticationException {
        SimpleAuthorizationInfo authorization = new SimpleAuthorizationInfo();
        LoginUser logined = (LoginUser) super.getAvailablePrincipal(principals);
        UserCoreBean user = logined.original();
        authorization.addStringPermission("*");

        log.trace("Successful to authorization: {}", user);

        try {
            onAuthorizeSuccess(logined);
        } catch (ServiceException e) {
            throw new AuthenticationException("Failed to check authentication login.", e);
        }
        return authorization;
    }

}
